Description

PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the e107path parameter.

Remediation

References

CVE-2008-1989

Related Vulnerabilities

WordPress Plugin Custom Post Type UI Cross-Site Scripting (1.1.1)

MySQL CVE-2018-3162 Vulnerability (CVE-2018-3162)

Plone CMS Resource Management Errors Vulnerability (CVE-2012-5496)

Nginx Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2018-16845)

TYPO3 Improper Input Validation Vulnerability (CVE-2010-4068)

Severity

Critical

Classification

CVE-2008-1989 CWE-94

Tags

Missing Update Known Vulnerabilities